CVE-2017-18001
First published: Sun Dec 31 2017(Updated: )
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trustwave Secure Web Gateway | <=11.8.0.27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-18001?
CVE-2017-18001 is a vulnerability in Trustwave Secure Web Gateway (SWG) that allows remote attackers to gain unauthorized access to the device.
What is the severity of CVE-2017-18001?
CVE-2017-18001 has a severity rating of 9.8, which is considered critical.
How does CVE-2017-18001 work?
CVE-2017-18001 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, leading to remote root access.
How can I fix CVE-2017-18001?
To fix CVE-2017-18001, it is recommended to update Trustwave Secure Web Gateway (SWG) to version 11.8.0.28 or later.
Where can I find more information about CVE-2017-18001?
You can find more information about CVE-2017-18001 in the references provided: http://seclists.org/fulldisclosure/2017/Dec/88, https://blogs.securiteam.com/index.php/archives/3550, https://www.exploit-db.com/exploits/44047/
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/trustwave
- canonical/trustwave secure web gateway
- version/trustwave secure web gateway/11.8.0.27